ActivePost Standard File Upload Path Disclosure

2004-09-23T02:24:47
ID OSVDB:10235
Type osvdb
Reporter Luigi Auriemma(aluigi@autistici.org)
Modified 2004-09-23T02:24:47

Description

Vulnerability Description

ActivePost Standard contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when files are uploaded to the server, which will respond disclosing the full path of the uploaded file on the server. This flaw results in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

ActivePost Standard contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when files are uploaded to the server, which will respond disclosing the full path of the uploaded file on the server. This flaw results in a loss of confidentiality.

References:

Vendor Specific Solution URL: http://www.activepost.net/ Security Tracker: 1011406 Secunia Advisory ID:12642 Related OSVDB ID: 10233 Related OSVDB ID: 10236 Related OSVDB ID: 10234 Other Advisory URL: http://aluigi.altervista.org/adv/actp-adv.txt Other Advisory URL: http://www.securityfocus.com/archive/1/376151 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0852.html Keyword: TCP Port 6004 Generic Exploit URL: http://aluigi.altervista.org/poc/actpup.zip CVE-2004-2616